  server {
    listen 4443 ssl;
    server_tokens off;
    # ssl
    ssl_certificate {{ssl_cert}};
    ssl_certificate_key {{ssl_cert_key}};
  
    # recommendations from https://raymii.org/s/tutorials/strong_ssl_security_on_nginx.html
    ssl_protocols tlsv1.2;
    ssl_ciphers '!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES:';
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:ssl:10m;
  
    # disable any limits to avoid http 413 for large image uploads
    client_max_body_size 0;
  
    # required to avoid http 411: see issue #1486 (https://github.com/docker/docker/issues/1486)
    chunked_transfer_encoding on;

    location /v2/ {
      proxy_pass http://notary-server/v2/;
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

      # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
      proxy_set_header X-Forwarded-Proto $scheme;

      proxy_buffering off;
      proxy_request_buffering off;
    }
  }

